HijackThis log vanwege computerproblemen!

anoniem · 17 november 2011

Naar aanleiding van mijn ander topic http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=1467880#1467880 deze logfile: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:52:49, on 17-11-2011 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Nico\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B3T61C75\HijackThis (1).exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://willibrord.orionelo.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll (file missing) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111113150322.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin O4 - HKCU\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe O4 - HKCU\..\Run: [Google Update] "C:\Users\Nico\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'Default user') O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: http://*.mcafee.com O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing) O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 13863 bytes

anoniem · 17 november 2011

Hoi, je log toont feitelijk niets bijzonders. [b:f9de499291]Ik wil graag dat jij je tijdens de fix aan onderstaande regels houdt:[/b:f9de499291] [color=blue:f9de499291][list:f9de499291][*:f9de499291]Lees alle instrukties goed door. [*:f9de499291]Maak je fouten bij de uitvoering van tools tijdens de fix, kan dat serieuze problemen in Windows veroorzaken. [*:f9de499291]Onthou je van het gebruik van tools cq. updates anders dan die ik jou adviseer te gebruiken. [*:f9de499291]Gebruik altijd één scanner per keer, nooit meerdere tegelijk gebruiken. [*:f9de499291]Hou mij op de hoogte hoe jou computer op de fix reageert - goed of slecht. [*:f9de499291]De fix, eenmaal gestart, moet afgewerkt worden. Zelfs indien jij denkt dat alles in orde is, zijn er mogelijk nog steeds infecties.[/list:u:f9de499291][/color:f9de499291] [color=#FF0000:f9de499291][b:f9de499291]Stap •1•[/b:f9de499291][/color:f9de499291] [[b:f9de499291]Welk programma[/b:f9de499291]: Kaspersky [b:f9de499291]TDSSKiller[/b:f9de499291] [b:f9de499291]Waarvoor/waarom[/b:f9de499291]: Rootkitscanner [b:f9de499291]Moeilijkheidsgraad[/b:f9de499291]: geen [b:f9de499291]Downloadlokatie[/b:f9de499291]: Dit programma absoluut naar het bureaublad downloaden of anders daar naar toe verplaatsen! [b:f9de499291]Download[/b:f9de499291] [b:f9de499291]TDSSKiller[/b:f9de499291] [url=http://support.kaspersky.com/downloads/utils/tdsskiller.zip][b:f9de499291]hier[/b:f9de499291][/url]. [b:f9de499291]Installatie[/b:f9de499291]: [list:f9de499291][*:f9de499291] pak het bestand uit op je bureaublad.[/list:u:f9de499291] [b:f9de499291]TDSSKiller gebruiken[/b:f9de499291]: [list:f9de499291][*:f9de499291]Windows 2000 en Windows XP: start "TDSSKiller" middels dubbelklik op TDSSKiller.exe. [*:f9de499291]Windows Vista en Windows 7: start "TDSSKiller" middels rechtsklik op TDSSKiller.exe en dan kiezen voor [b:f9de499291]Als Administrator uitvoeren[/b:f9de499291]. [*:f9de499291]Idien TDSSKiller met een bericht komt over een beschikbare update, dan voer je deze eerst uit.[/list:u:f9de499291] [img:f9de499291]http://www.imgdumper.nl/uploads4/4dc1d6438f791/4dc1d6438d897-TDSSKiller_2011-05-05_00-26-21.jpg[/img:f9de499291] [list:f9de499291][*:f9de499291]Klik vervolgens op de knop [b:f9de499291]"Start Scan"[/b:f9de499291] en volg de instructies. [*:f9de499291] Nadat de scan klaar is klik je op de knop [b:f9de499291]"Report"[/b:f9de499291]. [*:f9de499291]Er opent een kladblokbestand. Post de inhoud van dit bestand. [list:f9de499291][*:f9de499291][b:f9de499291]Herstart de pc indien TDSSKiller die optie aangeeft (Reboot now).[/b:f9de499291] [*:f9de499291]Wanneer het opnieuw opstarten noodzakelijk is, vind je de logfile in [b:f9de499291]C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt[/b:f9de499291][/list:u:f9de499291][/list:u:f9de499291] [color=#FF0000:f9de499291][b:f9de499291]Stap •2•[/b:f9de499291][/color:f9de499291] [b:f9de499291]Welk programma[/b:f9de499291]: ComboFix [b:f9de499291]Waarvoor/waarom[/b:f9de499291]: Zeer specialistische scanner om Windows diepgaand te onderzoeken en zo mogelijk op te schonen. [b:f9de499291]Moeilijkheidsgraad[/b:f9de499291]: Min of meer lastige voorbereidingsfase, dus lees alles eerst goed. [b:f9de499291]Downloadlokatie[/b:f9de499291]: Dit programma absoluut naar het bureaublad downloaden! [b:f9de499291]Download ComboFix via één van deze locaties[/b:f9de499291]: [list:f9de499291][*:f9de499291][url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe][b:f9de499291]Bleepingcomputer[/b:f9de499291][/url] [*:f9de499291][url=http://www.forospyware.com/sUBs/ComboFix.exe][b:f9de499291]ForoSpyware[/b:f9de499291][/url] [*:f9de499291][url=http://subs.geekstogo.com/ComboFix.exe][b:f9de499291]Geekstogo[/b:f9de499291][/url][/list:u:f9de499291] [url=http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden][b:f9de499291]Hier[/b:f9de499291][/url] zie je hoe je ComboFix moet gebruiken. Antivirusprogramma en actieve malwarescanners dienen al voor de ComboFix start gedeaktiveert zijn! [url=http://www.bleepingcomputer.com/forums/topic114351.html][b:f9de499291]Hier[/b:f9de499291][/url] en [url=http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html][b:f9de499291]hier[/b:f9de499291][/url] vindt je gegevens hoe antivirusprogramma's en spywarescanners te deaktiveren. [b:f9de499291]Voor alle duidelijkheid nogmaals[/b:f9de499291]: ComboFix dient vanaf het bureaublad gestart te worden. [b:f9de499291]Opmerkingen[/b:f9de499291]: [list:f9de499291][*:f9de499291] Bij gebruik van Windows XP zal er mogelijk gevraagd worden, om de "Recovery Console" te installeren! Sta dit dan toe (hiervoor is een actieve internet verbinding vereist). [*:f9de499291]Vista- en Windows 7 gebruikers starten Combofix op via rechtsklik met Administratorrechten. [*:f9de499291]Alle openstaande programma's en webpagina's dienen afgesloten te zijn.[/list:u:f9de499291] [b:f9de499291]ComboFix is opgestart[/b:f9de499291]: [list:f9de499291][*:f9de499291]Niet in het zwarte venster klikken, hierdoor kan ComboFix of zelfs Windows geheel "bevriezen"! [*:f9de499291]Combofix sluit tijdens de scan de internet verbinding – probeer deze tussentijds niet te herstellen! [*:f9de499291]Het kan voorkomen dat de computer meerdere malen opnieuw opgestart moet worden, dit is normaal. [*:f9de499291]Wanneer ComboFix gereed is, zal het het een logbestand voor je maken. [*:f9de499291]Post de inhoud van dit logbestand in je volgende bericht. [*:f9de499291]Indien het log niet opstart, is dit terug tevinden in C:\ComboFix.txt[/list:u:f9de499291] [b:f9de499291]Belangrijke opmerking[/b:f9de499291]: [list:f9de499291][*:f9de499291][b:f9de499291][color=Red:f9de499291]Indien na de scan bij het opstarten van programma's er een error wordt getoond met de melding:[/color:f9de499291][/b:f9de499291] [*:f9de499291][b:f9de499291][color=blue:f9de499291]Illegal operation attempted on a registery key that has been marked for deletion.[/color:f9de499291][/b:f9de499291] [*:f9de499291][b:f9de499291][color=Red:f9de499291]Start dan de computer opnieuw op.[/color:f9de499291][/b:f9de499291][/list:u:f9de499291] [color=#FF0000:f9de499291][b:f9de499291]Stap •3•[/b:f9de499291][/color:f9de499291] [b:f9de499291]Samenvattend: hierna post je in jouw volgende bericht de inhoud van de volgende logs:[/b:f9de499291] [list:f9de499291][*:f9de499291] TDSSKiller-log [*:f9de499291] ComboFix.txt-log [/list:u:f9de499291]

anoniem · 17 november 2011

TDSS log 21:39:27.0487 1156 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50 21:39:29.0134 1156 ============================================================ 21:39:29.0135 1156 Current date / time: 2011/11/17 21:39:29.0134 21:39:29.0135 1156 SystemInfo: 21:39:29.0135 1156 21:39:29.0135 1156 OS Version: 6.1.7601 ServicePack: 1.0 21:39:29.0135 1156 Product type: Workstation 21:39:29.0135 1156 ComputerName: NICO-LAPTOP 21:39:29.0135 1156 UserName: Nico 21:39:29.0135 1156 Windows directory: C:\Windows 21:39:29.0135 1156 System windows directory: C:\Windows 21:39:29.0135 1156 Running under WOW64 21:39:29.0135 1156 Processor architecture: Intel x64 21:39:29.0135 1156 Number of processors: 4 21:39:29.0135 1156 Page size: 0x1000 21:39:29.0135 1156 Boot type: Normal boot 21:39:29.0135 1156 ============================================================ 21:39:29.0741 1156 Initialize success 21:39:32.0043 7980 ============================================================ 21:39:32.0043 7980 Scan started 21:39:32.0043 7980 Mode: Manual; 21:39:32.0043 7980 ============================================================ 21:39:34.0148 7980 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 21:39:34.0191 7980 1394ohci - ok 21:39:34.0234 7980 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 21:39:34.0236 7980 ACPI - ok 21:39:34.0327 7980 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 21:39:34.0364 7980 AcpiPmi - ok 21:39:34.0428 7980 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 21:39:34.0445 7980 adp94xx - ok 21:39:34.0574 7980 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 21:39:34.0583 7980 adpahci - ok 21:39:34.0617 7980 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 21:39:34.0624 7980 adpu320 - ok 21:39:34.0892 7980 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys 21:39:34.0942 7980 AFD - ok 21:39:35.0130 7980 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys 21:39:35.0155 7980 AgereSoftModem - ok 21:39:35.0257 7980 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 21:39:35.0263 7980 agp440 - ok 21:39:35.0311 7980 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 21:39:35.0316 7980 aliide - ok 21:39:35.0420 7980 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 21:39:35.0423 7980 amdide - ok 21:39:35.0465 7980 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 21:39:35.0469 7980 AmdK8 - ok 21:39:35.0705 7980 amdkmdag (f05b22ce901fc26ae55a1a27aa674d96) C:\Windows\system32\DRIVERS\atikmdag.sys 21:39:35.0971 7980 amdkmdag - ok 21:39:36.0085 7980 amdkmdap (ed25d58581b5a28593c277f482fccd62) C:\Windows\system32\DRIVERS\atikmpag.sys 21:39:36.0131 7980 amdkmdap - ok 21:39:36.0156 7980 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 21:39:36.0159 7980 AmdPPM - ok 21:39:36.0279 7980 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 21:39:36.0333 7980 amdsata - ok 21:39:36.0370 7980 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 21:39:36.0378 7980 amdsbs - ok 21:39:36.0491 7980 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 21:39:36.0559 7980 amdxata - ok 21:39:36.0636 7980 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 21:39:36.0673 7980 AppID - ok 21:39:36.0780 7980 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 21:39:36.0785 7980 arc - ok 21:39:36.0795 7980 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 21:39:36.0807 7980 arcsas - ok 21:39:36.0837 7980 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 21:39:36.0843 7980 AsyncMac - ok 21:39:36.0938 7980 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 21:39:36.0942 7980 atapi - ok 21:39:37.0116 7980 atikmdag (f05b22ce901fc26ae55a1a27aa674d96) C:\Windows\system32\DRIVERS\atikmdag.sys 21:39:37.0147 7980 atikmdag - ok 21:39:37.0273 7980 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 21:39:37.0284 7980 b06bdrv - ok 21:39:37.0396 7980 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 21:39:37.0403 7980 b57nd60a - ok 21:39:37.0435 7980 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 21:39:37.0439 7980 Beep - ok 21:39:37.0568 7980 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 21:39:37.0578 7980 blbdrive - ok 21:39:37.0615 7980 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 21:39:37.0665 7980 bowser - ok 21:39:37.0758 7980 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 21:39:37.0767 7980 BrFiltLo - ok 21:39:37.0778 7980 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 21:39:37.0786 7980 BrFiltUp - ok 21:39:37.0810 7980 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 21:39:37.0819 7980 Brserid - ok 21:39:37.0847 7980 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 21:39:37.0852 7980 BrSerWdm - ok 21:39:37.0931 7980 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 21:39:37.0935 7980 BrUsbMdm - ok 21:39:37.0942 7980 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 21:39:37.0946 7980 BrUsbSer - ok 21:39:37.0964 7980 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 21:39:37.0967 7980 BTHMODEM - ok 21:39:37.0998 7980 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 21:39:38.0003 7980 cdfs - ok 21:39:38.0107 7980 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys 21:39:38.0164 7980 cdrom - ok 21:39:38.0290 7980 cfwids (ed0263b2eb24f0f4e3898036fa1d28a1) C:\Windows\system32\drivers\cfwids.sys 21:39:38.0331 7980 cfwids - ok 21:39:38.0426 7980 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 21:39:38.0429 7980 circlass - ok 21:39:38.0476 7980 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 21:39:38.0487 7980 CLFS - ok 21:39:38.0657 7980 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 21:39:38.0663 7980 CmBatt - ok 21:39:38.0707 7980 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 21:39:38.0710 7980 cmdide - ok 21:39:38.0807 7980 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys 21:39:38.0864 7980 CNG - ok 21:39:38.0979 7980 CnxtHdAudService (25c58ee97be0416a373e3e4f855206b5) C:\Windows\system32\drivers\CHDRT64.sys 21:39:39.0030 7980 CnxtHdAudService - ok 21:39:39.0192 7980 CnxtHdmiAudService (89c99ab4ae9535f727791592d84d4821) C:\Windows\system32\drivers\CHDMI64.sys 21:39:39.0256 7980 CnxtHdmiAudService - ok 21:39:39.0365 7980 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 21:39:39.0370 7980 Compbatt - ok 21:39:39.0412 7980 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 21:39:39.0472 7980 CompositeBus - ok 21:39:39.0576 7980 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 21:39:39.0580 7980 crcdisk - ok 21:39:39.0665 7980 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 21:39:39.0740 7980 DfsC - ok 21:39:39.0833 7980 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 21:39:39.0837 7980 discache - ok 21:39:39.0867 7980 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 21:39:39.0873 7980 Disk - ok 21:39:39.0986 7980 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 21:39:39.0995 7980 drmkaud - ok 21:39:40.0103 7980 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 21:39:40.0166 7980 DXGKrnl - ok 21:39:40.0323 7980 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 21:39:40.0428 7980 ebdrv - ok 21:39:40.0535 7980 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 21:39:40.0545 7980 elxstor - ok 21:39:40.0598 7980 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 21:39:40.0602 7980 ErrDev - ok 21:39:40.0693 7980 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 21:39:40.0705 7980 exfat - ok 21:39:40.0739 7980 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 21:39:40.0747 7980 fastfat - ok 21:39:40.0830 7980 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 21:39:40.0836 7980 fdc - ok 21:39:40.0887 7980 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 21:39:40.0892 7980 FileInfo - ok 21:39:40.0903 7980 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 21:39:40.0908 7980 Filetrace - ok 21:39:40.0929 7980 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 21:39:40.0934 7980 flpydisk - ok 21:39:41.0032 7980 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 21:39:41.0080 7980 FltMgr - ok 21:39:41.0119 7980 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 21:39:41.0123 7980 FsDepends - ok 21:39:41.0177 7980 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 21:39:41.0181 7980 Fs_Rec - ok 21:39:41.0241 7980 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 21:39:41.0299 7980 fvevol - ok 21:39:41.0403 7980 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\Windows\system32\DRIVERS\FwLnk.sys 21:39:41.0442 7980 FwLnk - ok 21:39:41.0477 7980 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 21:39:41.0482 7980 gagp30kx - ok 21:39:41.0497 7980 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 21:39:41.0501 7980 hcw85cir - ok 21:39:41.0594 7980 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 21:39:41.0652 7980 HdAudAddService - ok 21:39:41.0677 7980 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 21:39:41.0678 7980 HDAudBus - ok 21:39:41.0704 7980 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys 21:39:41.0740 7980 HECIx64 - ok 21:39:41.0832 7980 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 21:39:41.0837 7980 HidBatt - ok 21:39:41.0850 7980 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 21:39:41.0856 7980 HidBth - ok 21:39:41.0888 7980 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 21:39:41.0894 7980 HidIr - ok 21:39:41.0985 7980 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 21:39:42.0042 7980 HidUsb - ok 21:39:42.0119 7980 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 21:39:42.0164 7980 HpSAMD - ok 21:39:42.0247 7980 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 21:39:42.0308 7980 HTTP - ok 21:39:42.0398 7980 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 21:39:42.0439 7980 hwpolicy - ok 21:39:42.0474 7980 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 21:39:42.0481 7980 i8042prt - ok 21:39:42.0520 7980 iaStor (85977cd13fc16069ce0af7943a811775) C:\Windows\system32\DRIVERS\iaStor.sys 21:39:42.0524 7980 iaStor - ok 21:39:42.0627 7980 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 21:39:42.0722 7980 iaStorV - ok 21:39:42.0754 7980 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 21:39:42.0759 7980 iirsp - ok 21:39:42.0879 7980 Impcd (4b6363cd4610bb848531bb260b15dfcc) C:\Windows\system32\DRIVERS\Impcd.sys 21:39:42.0945 7980 Impcd - ok 21:39:42.0981 7980 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 21:39:42.0984 7980 intelide - ok 21:39:43.0015 7980 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 21:39:43.0016 7980 intelppm - ok 21:39:43.0110 7980 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 21:39:43.0157 7980 IpFilterDriver - ok 21:39:43.0201 7980 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 21:39:43.0244 7980 IPMIDRV - ok 21:39:43.0331 7980 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 21:39:43.0333 7980 IPNAT - ok 21:39:43.0363 7980 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 21:39:43.0368 7980 IRENUM - ok 21:39:43.0407 7980 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 21:39:43.0412 7980 isapnp - ok 21:39:43.0496 7980 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 21:39:43.0560 7980 iScsiPrt - ok 21:39:43.0586 7980 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 21:39:43.0591 7980 kbdclass - ok 21:39:43.0695 7980 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys 21:39:43.0752 7980 kbdhid - ok 21:39:43.0835 7980 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys 21:39:43.0878 7980 KSecDD - ok 21:39:43.0982 7980 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys 21:39:44.0026 7980 KSecPkg - ok 21:39:44.0077 7980 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 21:39:44.0081 7980 ksthunk - ok 21:39:44.0194 7980 L1C (655a5d8e80869781cce23760ada7e695) C:\Windows\system32\DRIVERS\L1C62x64.sys 21:39:44.0253 7980 L1C - ok 21:39:44.0298 7980 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 21:39:44.0303 7980 lltdio - ok 21:39:44.0409 7980 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 21:39:44.0416 7980 LSI_FC - ok 21:39:44.0429 7980 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 21:39:44.0433 7980 LSI_SAS - ok 21:39:44.0441 7980 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 21:39:44.0445 7980 LSI_SAS2 - ok 21:39:44.0455 7980 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 21:39:44.0460 7980 LSI_SCSI - ok 21:39:44.0489 7980 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 21:39:44.0492 7980 luafv - ok 21:39:44.0654 7980 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 21:39:44.0660 7980 megasas - ok 21:39:44.0686 7980 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 21:39:44.0695 7980 MegaSR - ok 21:39:44.0763 7980 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\Windows\system32\drivers\mfeapfk.sys 21:39:44.0765 7980 mfeapfk - ok 21:39:44.0849 7980 mfeavfk (e7a60bdb4365b561d896019b82fb7dd0) C:\Windows\system32\drivers\mfeavfk.sys 21:39:44.0910 7980 mfeavfk - ok 21:39:45.0016 7980 mfeavfk01 - ok 21:39:45.0082 7980 mfefirek (670dffe55e2f9ab99d9169c428bcece9) C:\Windows\system32\drivers\mfefirek.sys 21:39:45.0141 7980 mfefirek - ok 21:39:45.0268 7980 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\Windows\system32\drivers\mfehidk.sys 21:39:45.0321 7980 mfehidk - ok 21:39:45.0413 7980 mfenlfk (1721261c77f6e7a9e0cb51b7d9f31b60) C:\Windows\system32\DRIVERS\mfenlfk.sys 21:39:45.0454 7980 mfenlfk - ok 21:39:45.0500 7980 mferkdet (65776bd8029e409935b90de30bf99526) C:\Windows\system32\drivers\mferkdet.sys 21:39:45.0548 7980 mferkdet - ok 21:39:45.0636 7980 mfewfpk (4f17d8b85b903d96ef7033bb6ef50516) C:\Windows\system32\drivers\mfewfpk.sys 21:39:45.0696 7980 mfewfpk - ok 21:39:45.0749 7980 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 21:39:45.0752 7980 Modem - ok 21:39:45.0848 7980 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 21:39:45.0849 7980 monitor - ok 21:39:45.0899 7980 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 21:39:45.0903 7980 mouclass - ok 21:39:46.0015 7980 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 21:39:46.0019 7980 mouhid - ok 21:39:46.0077 7980 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 21:39:46.0126 7980 mountmgr - ok 21:39:46.0232 7980 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 21:39:46.0324 7980 mpio - ok 21:39:46.0360 7980 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 21:39:46.0366 7980 mpsdrv - ok 21:39:46.0464 7980 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 21:39:46.0514 7980 MRxDAV - ok 21:39:46.0554 7980 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 21:39:46.0628 7980 mrxsmb - ok 21:39:46.0725 7980 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 21:39:46.0773 7980 mrxsmb10 - ok 21:39:46.0793 7980 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 21:39:46.0831 7980 mrxsmb20 - ok 21:39:46.0871 7980 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 21:39:46.0929 7980 msahci - ok 21:39:47.0030 7980 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 21:39:47.0084 7980 msdsm - ok 21:39:47.0127 7980 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 21:39:47.0150 7980 Msfs - ok 21:39:47.0177 7980 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 21:39:47.0183 7980 mshidkmdf - ok 21:39:47.0274 7980 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 21:39:47.0278 7980 msisadrv - ok 21:39:47.0312 7980 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 21:39:47.0319 7980 MSKSSRV - ok 21:39:47.0350 7980 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 21:39:47.0355 7980 MSPCLOCK - ok 21:39:47.0439 7980 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 21:39:47.0442 7980 MSPQM - ok 21:39:47.0503 7980 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 21:39:47.0537 7980 MsRPC - ok 21:39:47.0573 7980 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 21:39:47.0573 7980 mssmbios - ok 21:39:47.0662 7980 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 21:39:47.0668 7980 MSTEE - ok 21:39:47.0677 7980 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 21:39:47.0685 7980 MTConfig - ok 21:39:47.0706 7980 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 21:39:47.0711 7980 Mup - ok 21:39:47.0729 7980 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 21:39:47.0737 7980 NativeWifiP - ok 21:39:47.0795 7980 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 21:39:47.0801 7980 NDIS - ok 21:39:47.0888 7980 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 21:39:47.0897 7980 NdisCap - ok 21:39:47.0961 7980 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 21:39:47.0963 7980 NdisTapi - ok 21:39:48.0015 7980 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 21:39:48.0087 7980 Ndisuio - ok 21:39:48.0192 7980 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 21:39:48.0253 7980 NdisWan - ok 21:39:48.0289 7980 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 21:39:48.0331 7980 NDProxy - ok 21:39:48.0418 7980 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 21:39:48.0425 7980 NetBIOS - ok 21:39:48.0472 7980 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 21:39:48.0524 7980 NetBT - ok 21:39:48.0636 7980 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 21:39:48.0640 7980 nfrd960 - ok 21:39:48.0662 7980 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 21:39:48.0666 7980 Npfs - ok 21:39:48.0675 7980 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 21:39:48.0679 7980 nsiproxy - ok 21:39:48.0737 7980 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 21:39:48.0791 7980 Ntfs - ok 21:39:48.0882 7980 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 21:39:48.0887 7980 Null - ok 21:39:48.0918 7980 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 21:39:48.0960 7980 nvraid - ok 21:39:48.0978 7980 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 21:39:49.0015 7980 nvstor - ok 21:39:49.0111 7980 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 21:39:49.0132 7980 nv_agp - ok 21:39:49.0163 7980 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 21:39:49.0169 7980 ohci1394 - ok 21:39:49.0291 7980 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 21:39:49.0299 7980 Parport - ok 21:39:49.0343 7980 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 21:39:49.0409 7980 partmgr - ok 21:39:49.0516 7980 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 21:39:49.0519 7980 pci - ok 21:39:49.0554 7980 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 21:39:49.0561 7980 pciide - ok 21:39:49.0655 7980 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 21:39:49.0663 7980 pcmcia - ok 21:39:49.0683 7980 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 21:39:49.0688 7980 pcw - ok 21:39:49.0707 7980 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 21:39:49.0725 7980 PEAUTH - ok 21:39:49.0830 7980 PGEffect (663962900e7fea522126ba287715bb4a) C:\Windows\system32\DRIVERS\pgeffect.sys 21:39:49.0900 7980 PGEffect - ok 21:39:50.0020 7980 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 21:39:50.0066 7980 PptpMiniport - ok 21:39:50.0087 7980 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 21:39:50.0091 7980 Processor - ok 21:39:50.0179 7980 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 21:39:50.0180 7980 Psched - ok 21:39:50.0302 7980 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 21:39:50.0323 7980 ql2300 - ok 21:39:50.0417 7980 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 21:39:50.0421 7980 ql40xx - ok 21:39:50.0442 7980 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 21:39:50.0446 7980 QWAVEdrv - ok 21:39:50.0455 7980 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 21:39:50.0459 7980 RasAcd - ok 21:39:50.0511 7980 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 21:39:50.0514 7980 RasAgileVpn - ok 21:39:50.0610 7980 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 21:39:50.0652 7980 Rasl2tp - ok 21:39:50.0695 7980 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 21:39:50.0701 7980 RasPppoe - ok 21:39:50.0772 7980 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 21:39:50.0778 7980 RasSstp - ok 21:39:50.0816 7980 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 21:39:50.0870 7980 rdbss - ok 21:39:50.0904 7980 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 21:39:50.0909 7980 rdpbus - ok 21:39:51.0009 7980 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 21:39:51.0013 7980 RDPCDD - ok 21:39:51.0035 7980 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 21:39:51.0040 7980 RDPENCDD - ok 21:39:51.0064 7980 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 21:39:51.0067 7980 RDPREFMP - ok 21:39:51.0102 7980 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys 21:39:51.0149 7980 RDPWD - ok 21:39:51.0252 7980 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 21:39:51.0301 7980 rdyboost - ok 21:39:51.0341 7980 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 21:39:51.0345 7980 rspndr - ok 21:39:51.0396 7980 RSUSBSTOR (907c4464381b5ebdfdc60f6c7d0dedfc) C:\Windows\system32\Drivers\RtsUStor.sys 21:39:51.0399 7980 RSUSBSTOR - ok 21:39:51.0512 7980 rtl8192se (7475548b0ba58eba4d12414fc9e9dfe6) C:\Windows\system32\DRIVERS\rtl8192se.sys 21:39:51.0568 7980 rtl8192se - ok 21:39:51.0638 7980 SbieDrv (742112ce7abb11dc17a561b4291be9c6) C:\Program Files\Sandboxie\SbieDrv.sys 21:39:51.0700 7980 SbieDrv - ok 21:39:51.0791 7980 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 21:39:51.0876 7980 sbp2port - ok 21:39:51.0911 7980 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 21:39:51.0953 7980 scfilter - ok 21:39:51.0986 7980 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 21:39:51.0989 7980 secdrv - ok 21:39:52.0070 7980 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 21:39:52.0074 7980 Serenum - ok 21:39:52.0086 7980 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 21:39:52.0090 7980 Serial - ok 21:39:52.0118 7980 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 21:39:52.0122 7980 sermouse - ok 21:39:52.0164 7980 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 21:39:52.0187 7980 sffdisk - ok 21:39:52.0279 7980 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 21:39:52.0286 7980 sffp_mmc - ok 21:39:52.0301 7980 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 21:39:52.0360 7980 sffp_sd - ok 21:39:52.0407 7980 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 21:39:52.0411 7980 sfloppy - ok 21:39:52.0503 7980 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 21:39:52.0511 7980 SiSRaid2 - ok 21:39:52.0521 7980 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 21:39:52.0529 7980 SiSRaid4 - ok 21:39:52.0550 7980 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 21:39:52.0556 7980 Smb - ok 21:39:52.0586 7980 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 21:39:52.0590 7980 spldr - ok 21:39:52.0627 7980 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 21:39:52.0668 7980 srv - ok 21:39:52.0765 7980 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 21:39:52.0820 7980 srv2 - ok 21:39:52.0834 7980 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 21:39:52.0892 7980 srvnet - ok 21:39:52.0995 7980 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 21:39:53.0001 7980 stexstor - ok 21:39:53.0053 7980 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 21:39:53.0059 7980 swenum - ok 21:39:53.0180 7980 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\Windows\system32\DRIVERS\SynTP.sys 21:39:53.0226 7980 SynTP - ok 21:39:53.0323 7980 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 21:39:53.0380 7980 Tcpip - ok 21:39:53.0531 7980 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 21:39:53.0548 7980 TCPIP6 - ok 21:39:53.0635 7980 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 21:39:53.0710 7980 tcpipreg - ok 21:39:53.0755 7980 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\Windows\system32\DRIVERS\tdcmdpst.sys 21:39:53.0794 7980 tdcmdpst - ok 21:39:53.0882 7980 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 21:39:53.0888 7980 TDPIPE - ok 21:39:53.0897 7980 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 21:39:53.0901 7980 TDTCP - ok 21:39:53.0945 7980 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 21:39:53.0987 7980 tdx - ok 21:39:54.0101 7980 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 21:39:54.0133 7980 TermDD - ok 21:39:54.0269 7980 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 21:39:54.0317 7980 tssecsrv - ok 21:39:54.0385 7980 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 21:39:54.0441 7980 TsUsbFlt - ok 21:39:54.0562 7980 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 21:39:54.0564 7980 tunnel - ok 21:39:54.0603 7980 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\Windows\system32\DRIVERS\TVALZ_O.SYS 21:39:54.0662 7980 TVALZ - ok 21:39:54.0754 7980 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\Windows\system32\DRIVERS\TVALZFL.sys 21:39:54.0808 7980 TVALZFL - ok 21:39:54.0837 7980 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 21:39:54.0841 7980 uagp35 - ok 21:39:54.0936 7980 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 21:39:54.0981 7980 udfs - ok 21:39:55.0036 7980 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 21:39:55.0040 7980 uliagpkx - ok 21:39:55.0149 7980 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 21:39:55.0194 7980 umbus - ok 21:39:55.0226 7980 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 21:39:55.0229 7980 UmPass - ok 21:39:55.0331 7980 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 21:39:55.0386 7980 usbccgp - ok 21:39:55.0423 7980 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 21:39:55.0428 7980 usbcir - ok 21:39:55.0455 7980 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 21:39:55.0511 7980 usbehci - ok 21:39:55.0628 7980 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 21:39:55.0681 7980 usbhub - ok 21:39:55.0699 7980 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 21:39:55.0759 7980 usbohci - ok 21:39:55.0801 7980 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 21:39:55.0805 7980 usbprint - ok 21:39:55.0909 7980 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:39:55.0966 7980 USBSTOR - ok 21:39:55.0995 7980 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 21:39:56.0035 7980 usbuhci - ok 21:39:56.0102 7980 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys 21:39:56.0141 7980 usbvideo - ok 21:39:56.0259 7980 VBoxDrv (c40fecb0bd5da4e40690ef9ae4558a8c) C:\Windows\system32\DRIVERS\VBoxDrv.sys 21:39:56.0321 7980 VBoxDrv - ok 21:39:56.0422 7980 VBoxNetAdp (b3fc2d5f35e05e12c28f786c140d1cbd) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys 21:39:56.0478 7980 VBoxNetAdp - ok 21:39:56.0503 7980 VBoxNetFlt (91ef7f61587323cb1658fe919d091ec3) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys 21:39:56.0544 7980 VBoxNetFlt - ok 21:39:56.0585 7980 VBoxUSB (ceb09d7c50f047aa457212188d28fc28) C:\Windows\system32\Drivers\VBoxUSB.sys 21:39:56.0626 7980 VBoxUSB - ok 21:39:56.0750 7980 VBoxUSBMon (cf8b6507670127041ca78ef82c56ee45) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys 21:39:56.0803 7980 VBoxUSBMon - ok 21:39:56.0852 7980 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 21:39:56.0857 7980 vdrvroot - ok 21:39:56.0968 7980 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 21:39:56.0973 7980 vga - ok 21:39:56.0994 7980 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 21:39:57.0001 7980 VgaSave - ok 21:39:57.0047 7980 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 21:39:57.0106 7980 vhdmp - ok 21:39:57.0178 7980 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 21:39:57.0185 7980 viaide - ok 21:39:57.0214 7980 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 21:39:57.0259 7980 volmgr - ok 21:39:57.0294 7980 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 21:39:57.0340 7980 volmgrx - ok 21:39:57.0374 7980 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 21:39:57.0414 7980 volsnap - ok 21:39:57.0524 7980 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 21:39:57.0536 7980 vsmraid - ok 21:39:57.0585 7980 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 21:39:57.0588 7980 vwifibus - ok 21:39:57.0696 7980 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 21:39:57.0704 7980 vwififlt - ok 21:39:57.0724 7980 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 21:39:57.0731 7980 vwifimp - ok 21:39:57.0790 7980 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 21:39:57.0798 7980 WacomPen - ok 21:39:57.0939 7980 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 21:39:57.0985 7980 WANARP - ok 21:39:58.0002 7980 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 21:39:58.0003 7980 Wanarpv6 - ok 21:39:58.0099 7980 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 21:39:58.0109 7980 Wd - ok 21:39:58.0137 7980 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 21:39:58.0152 7980 Wdf01000 - ok 21:39:58.0260 7980 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 21:39:58.0263 7980 WfpLwf - ok 21:39:58.0281 7980 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 21:39:58.0284 7980 WIMMount - ok 21:39:58.0408 7980 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 21:39:58.0413 7980 WmiAcpi - ok 21:39:58.0456 7980 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 21:39:58.0456 7980 ws2ifsl - ok 21:39:58.0496 7980 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 21:39:58.0542 7980 WudfPf - ok 21:39:58.0642 7980 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 21:39:58.0694 7980 WUDFRd - ok 21:39:58.0752 7980 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 21:39:58.0768 7980 \Device\Harddisk0\DR0 - ok 21:39:58.0786 7980 Boot (0x1200) (04740ece94bd3eca8ab715fb831edd5a) \Device\Harddisk0\DR0\Partition0 21:39:58.0787 7980 \Device\Harddisk0\DR0\Partition0 - ok 21:39:58.0806 7980 Boot (0x1200) (94fa0d90c10f2c47b3524e6dab3948a5) \Device\Harddisk0\DR0\Partition1 21:39:58.0807 7980 \Device\Harddisk0\DR0\Partition1 - ok 21:39:58.0808 7980 ============================================================ 21:39:58.0808 7980 Scan finished 21:39:58.0808 7980 ============================================================ 21:39:58.0820 3384 Detected object count: 0 21:39:58.0820 3384 Actual detected object count: 0 Combofix Log ComboFix 11-11-17.03 - Nico 17-11-2011 22:03:48.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3959.2624 [GMT 1:00] Gestart vanuit: d:\gebruikers\Nico\Downloads\ComboFix.exe AV: McAfeeAntivirus en antispyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfeeFirewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfeeAntivirus en antispyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\slwga.dll . . . . konden niet verwijderd worden c:\windows\system32\srrstr.dll . . . . konden niet verwijderd worden c:\windows\system32\systemcpl.dll . . . . konden niet verwijderd worden c:\windows\system32\termsrv.dll . . . . konden niet verwijderd worden c:\windows\SysWow64\odbcad32.exe . ----- File Replicators ----- . c:\windows\Installer\{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}\ARPPRODUCTICON.exe c:\windows\Installer\{04B9F1A8-CC3B-CCF8-71B6-1ABFE4E00590}\ARPPRODUCTICON.exe c:\windows\Installer\{04DE4606-6C76-A25C-BD13-646479CE1A5C}\ARPPRODUCTICON.exe c:\windows\Installer\{058E65E2-AFC2-8974-43A2-1EA5A4A53471}\ARPPRODUCTICON.exe c:\windows\Installer\{06A81056-303F-A212-191D-35310DE5759F}\ARPPRODUCTICON.exe c:\windows\Installer\{08D2E121-7F6A-43EB-97FD-629B44903403}\ARPPRODUCTICON.exe c:\windows\Installer\{0AA381AC-7BBB-5B29-836C-5E13BB91154A}\ARPPRODUCTICON.exe c:\windows\Installer\{0DDCEDBA-8C17-CC50-7448-9131F3EF7517}\ARPPRODUCTICON.exe c:\windows\Installer\{162E46EB-F7C6-4B01-2384-349980B3F1BF}\ARPPRODUCTICON.exe c:\windows\Installer\{16622EEF-D159-3EB8-0EE3-F01B98317CED}\ARPPRODUCTICON.exe c:\windows\Installer\{1C0526C4-478A-9066-F37A-E58F08A21FE9}\ARPPRODUCTICON.exe c:\windows\Installer\{1E9FC118-651D-4934-97BE-E53CAE5C7D45}\ARPPRODUCTICON.exe c:\windows\Installer\{1F1E9571-0EA2-7AA3-647B-16698BED9CF4}\ARPPRODUCTICON.exe c:\windows\Installer\{1FDB8BA3-9E5F-369F-C2A2-AA4AD06F0640}\ARPPRODUCTICON.exe c:\windows\Installer\{24642C6B-1F1F-362F-6A7F-14C75C9EE603}\ARPPRODUCTICON.exe c:\windows\Installer\{313B4B6B-61B3-5F70-647B-E6285A9D81DF}\ARPPRODUCTICON.exe c:\windows\Installer\{3264BE02-6AC0-96B3-A212-392A850D58CA}\ARPPRODUCTICON.exe c:\windows\Installer\{3CB58AB7-6750-F510-F055-27FA68D77472}\ARPPRODUCTICON.exe c:\windows\Installer\{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}\ARPPRODUCTICON.exe c:\windows\Installer\{53007195-C491-23E9-D420-EDAB61E57609}\ARPPRODUCTICON.exe c:\windows\Installer\{5833EB1F-F1FD-DA8E-B2BA-C23E58BB0C65}\ARPPRODUCTICON.exe c:\windows\Installer\{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}\ARPPRODUCTICON.exe c:\windows\Installer\{68A8941B-6E97-B11C-1B10-C3370E4CC885}\ARPPRODUCTICON.exe c:\windows\Installer\{6B59A12B-D448-E129-28E9-57D1E2E5F7BB}\ARPPRODUCTICON.exe c:\windows\Installer\{6CDB6681-B777-4DAD-412E-7933B9296850}\ARPPRODUCTICON.exe c:\windows\Installer\{7B81F6BB-7C9C-E66F-9989-42EEB1076F84}\ARPPRODUCTICON.exe c:\windows\Installer\{85010422-4932-6A9E-C222-A994DA299C81}\ARPPRODUCTICON.exe c:\windows\Installer\{8557397C-A42D-486F-97B3-A2CBC2372593}\ARPPRODUCTICON.exe c:\windows\Installer\{89505FE0-A07E-928A-42F4-DA1B2788C01B}\ARPPRODUCTICON.exe c:\windows\Installer\{8BD785CF-30C7-4182-B250-0D5FCE78D4DD}\ARPPRODUCTICON.exe c:\windows\Installer\{90BF0360-A1DB-4599-A643-95AB90A52C1E}\ARPPRODUCTICON.exe c:\windows\Installer\{925D058B-564A-443A-B4B2-7E90C6432E55}\ARPPRODUCTICON.exe c:\windows\Installer\{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}\ARPPRODUCTICON.exe c:\windows\Installer\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}\ARPPRODUCTICON.exe c:\windows\Installer\{9A9BE8E5-2263-3EFA-FDD1-11F6E267EEF9}\ARPPRODUCTICON.exe c:\windows\Installer\{9C6210BC-CF1C-E637-C74D-28612585CAD9}\ARPPRODUCTICON.exe c:\windows\Installer\{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}\ARPPRODUCTICON.exe c:\windows\Installer\{AFE6E077-E0A3-2993-0913-8DEEADF4E2DE}\ARPPRODUCTICON.exe c:\windows\Installer\{B6D38690-755E-4F40-A35A-23F8BC2B86AC}\ARPPRODUCTICON.exe c:\windows\Installer\{BA28817B-738A-9284-D3D6-E973982AEF3B}\ARPPRODUCTICON.exe c:\windows\Installer\{C58362EF-CABB-B475-065B-FD07C0D49770}\ARPPRODUCTICON.exe c:\windows\Installer\{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}\ARPPRODUCTICON.exe c:\windows\Installer\{D1A19B02-817E-4296-A45B-07853FD74D57}\ARPPRODUCTICON.exe c:\windows\Installer\{D432AD16-2F8C-0022-E2F1-E27DCB5F6949}\ARPPRODUCTICON.exe c:\windows\Installer\{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}\ARPPRODUCTICON.exe c:\windows\Installer\{E616437B-CE55-B463-ED6B-408E29A073CB}\ARPPRODUCTICON.exe c:\windows\Installer\{E65C7D8E-186D-484B-BEA8-DEF0331CE600}\ARPPRODUCTICON.exe c:\windows\Installer\{E718AAF4-CB80-9649-347E-C9A9803BE6D0}\ARPPRODUCTICON.exe c:\windows\Installer\{F5EB2C27-3F16-01B6-BA56-316BC0F8CA87}\ARPPRODUCTICON.exe . . (((((((((((((((((((( Bestanden Gemaakt van 2011-10-17 to 2011-11-17 )))))))))))))))))))))))))))))) . . 2011-11-17 21:11 . 2011-11-17 21:11 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-11-17 15:51 . 2011-11-17 15:51 388096 ----a-r- c:\users\Nico\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-11-16 13:57 . 2011-11-16 13:57 -------- d-----w- c:\users\Nico\AppData\Roaming\Malwarebytes 2011-11-16 13:56 . 2011-11-16 13:56 -------- d-----w- c:\programdata\Malwarebytes 2011-11-16 13:56 . 2011-11-16 13:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-11-16 13:56 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-15 15:39 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BC9FF7C7-644A-4139-9B41-D6E1D040E242}\mpengine.dll 2011-11-09 18:30 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll 2011-11-09 18:30 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll 2011-11-09 18:30 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-11-09 18:30 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys 2011-11-09 17:44 . 2011-11-17 19:33 -------- d-----w- c:\users\Nico\AppData\Local\PokerStars 2011-11-09 17:43 . 2011-11-09 17:53 -------- d-----w- c:\program files (x86)\PokerStars 2011-10-23 12:30 . 2011-10-23 12:30 8192 ----a-w- c:\windows\SysWow64\srvany.exe . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-18 13:32 . 2011-08-27 13:31 161168 ----a-w- c:\windows\system32\mfevtps.exe 2011-10-15 12:16 . 2011-08-27 13:32 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2011-10-15 12:16 . 2011-08-27 13:31 75808 ----a-w- c:\windows\system32\drivers\mfenlfk.sys 2011-10-15 12:16 . 2011-08-27 13:31 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys 2011-10-15 12:16 . 2011-08-27 13:31 647080 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2011-10-15 12:16 . 2011-08-27 13:31 481768 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2011-10-15 12:16 . 2011-08-27 13:31 284648 ----a-w- c:\windows\system32\drivers\mfewfpk.sys 2011-10-15 12:16 . 2011-08-27 13:31 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2011-10-15 12:16 . 2011-08-27 13:31 160280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2011-10-15 12:16 . 2011-08-27 13:31 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2011-10-15 10:54 . 2011-09-12 13:53 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-09-01 05:24 . 2011-10-13 20:59 2309120 ----a-w- c:\windows\system32\jscript9.dll 2011-09-01 05:17 . 2011-10-13 20:59 1389056 ----a-w- c:\windows\system32\wininet.dll 2011-09-01 05:12 . 2011-10-13 21:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-09-01 02:35 . 2011-10-13 20:59 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll 2011-09-01 02:28 . 2011-10-13 20:59 1126912 ----a-w- c:\windows\SysWow64\wininet.dll 2011-09-01 02:22 . 2011-10-13 21:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2011-08-28 11:22 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2011-08-28 11:22 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2011-08-27 13:28 . 2011-08-27 13:28 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2011-08-27 13:28 . 2011-08-27 13:28 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2011-08-27 13:28 . 2011-08-27 13:28 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2011-08-27 13:28 . 2011-08-27 13:28 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2011-08-27 13:28 . 2011-08-27 13:28 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2011-08-27 13:28 . 2011-08-27 13:28 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2011-08-27 13:28 . 2011-08-27 13:28 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2011-08-27 13:28 . 2011-08-27 13:28 367104 ----a-w- c:\windows\SysWow64\html.iec 2011-08-27 13:28 . 2011-08-27 13:28 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2011-08-27 13:28 . 2011-08-27 13:28 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2011-08-27 13:28 . 2011-08-27 13:28 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2011-08-27 13:28 . 2011-08-27 13:28 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2011-08-27 13:28 . 2011-08-27 13:28 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2011-08-27 13:28 . 2011-08-27 13:28 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2011-08-27 13:28 . 2011-08-27 13:28 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2011-08-27 13:28 . 2011-08-27 13:28 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2011-08-27 13:28 . 2011-08-27 13:28 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2011-08-27 13:28 . 2011-08-27 13:28 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2011-08-27 13:28 . 2011-08-27 13:28 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2011-08-27 13:28 . 2011-08-27 13:28 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2011-08-27 13:28 . 2011-08-27 13:28 85504 ----a-w- c:\windows\system32\iesetup.dll 2011-08-27 13:28 . 2011-08-27 13:28 76800 ----a-w- c:\windows\system32\tdc.ocx 2011-08-27 13:28 . 2011-08-27 13:28 603648 ----a-w- c:\windows\system32\vbscript.dll 2011-08-27 13:28 . 2011-08-27 13:28 49664 ----a-w- c:\windows\system32\imgutil.dll 2011-08-27 13:28 . 2011-08-27 13:28 48640 ----a-w- c:\windows\system32\mshtmler.dll 2011-08-27 13:28 . 2011-08-27 13:28 448512 ----a-w- c:\windows\system32\html.iec 2011-08-27 13:28 . 2011-08-27 13:28 30720 ----a-w- c:\windows\system32\licmgr10.dll 2011-08-27 13:28 . 2011-08-27 13:28 222208 ----a-w- c:\windows\system32\msls31.dll 2011-08-27 13:28 . 2011-08-27 13:28 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2011-08-27 13:28 . 2011-08-27 13:28 165888 ----a-w- c:\windows\system32\iexpress.exe 2011-08-27 13:28 . 2011-08-27 13:28 160256 ----a-w- c:\windows\system32\wextract.exe 2011-08-27 13:28 . 2011-08-27 13:28 1492992 ----a-w- c:\windows\system32\inetcpl.cpl 2011-08-27 13:28 . 2011-08-27 13:28 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2011-08-27 13:28 . 2011-08-27 13:28 12288 ----a-w- c:\windows\system32\mshta.exe 2011-08-27 13:28 . 2011-08-27 13:28 114176 ----a-w- c:\windows\system32\admparse.dll 2011-08-27 13:28 . 2011-08-27 13:28 111616 ----a-w- c:\windows\system32\iesysprep.dll 2011-08-27 05:37 . 2011-10-13 05:49 861696 ----a-w- c:\windows\system32\oleaut32.dll 2011-08-27 05:37 . 2011-10-13 05:49 331776 ----a-w- c:\windows\system32\oleacc.dll 2011-08-27 04:26 . 2011-10-13 05:49 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2011-08-27 04:26 . 2011-10-13 05:49 233472 ----a-w- c:\windows\SysWow64\oleacc.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280] "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-08-27 638736] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-26 102400] "TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-23 2454840] "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1674896] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 937920] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560] R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-23 835952] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x] S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x] S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200] S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [2011-08-10 102608] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x] S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-02-11 124368] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-03-17 258928] S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x] S3 CnxtHdmiAudService;Conexant UAA HDMI Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDMI64.sys [x] S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x] S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x] S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . --- Andere Services/Drivers In Geheugen --- . *Deregistered* - mfeavfk01 . Inhoud van de 'Gedeelde Taken' map . 2011-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2271613879-2368526444-3534850837-1000Core.job - c:\users\Nico\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-27 13:31] . 2011-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2271613879-2368526444-3534850837-1000UA.job - c:\users\Nico\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-27 13:31] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976] "Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-02-11 1050072] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768] "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2010-04-19 136136] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.nederland.fm/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 Trusted Zone: internet Trusted Zone: mcafee.com TCP: DhcpNameServer = 192.168.0.1 . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-2271613879-2368526444-3534850837-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ýM3] @Class="Shell" . [HKEY_USERS\S-1-5-21-2271613879-2368526444-3534850837-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ýM3\OpenWithList] @Class="Shell" "a"="vlc.exe" "MRUList"="a" . [HKEY_USERS\S-1-5-21-2271613879-2368526444-3534850837-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*ýM3] "0"=hex:46,3a,5c,4d,75,7a,69,65,6b,5c,41,76,69,63,69,69,20,2d,20,4c,65,76,65, 6c,73,20,28,50,61,72,74,79,20,52,65,6d,69,78,29,2e,6d,70,33,00,74,00,2e,00,\ "MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @=&quo

anoniem · 17 november 2011

Het ComboFix-log is niet compleet - schijnbaar is het laatse ervan ergens blijven hangen! Je kan het terugvinden in C:\combofix.txt

anoniem · 18 november 2011

ComboFix 11-11-17.03 - Nico 17-11-2011 22:03:48.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3959.2624 [GMT 1:00] Gestart vanuit: d:\gebruikers\Nico\Downloads\ComboFix.exe AV: McAfeeAntivirus en antispyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfeeFirewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfeeAntivirus en antispyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\slwga.dll . . . . konden niet verwijderd worden c:\windows\system32\srrstr.dll . . . . konden niet verwijderd worden c:\windows\system32\systemcpl.dll . . . . konden niet verwijderd worden c:\windows\system32\termsrv.dll . . . . konden niet verwijderd worden c:\windows\SysWow64\odbcad32.exe . ----- File Replicators ----- . c:\windows\Installer\{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}\ARPPRODUCTICON.exe c:\windows\Installer\{04B9F1A8-CC3B-CCF8-71B6-1ABFE4E00590}\ARPPRODUCTICON.exe c:\windows\Installer\{04DE4606-6C76-A25C-BD13-646479CE1A5C}\ARPPRODUCTICON.exe c:\windows\Installer\{058E65E2-AFC2-8974-43A2-1EA5A4A53471}\ARPPRODUCTICON.exe c:\windows\Installer\{06A81056-303F-A212-191D-35310DE5759F}\ARPPRODUCTICON.exe c:\windows\Installer\{08D2E121-7F6A-43EB-97FD-629B44903403}\ARPPRODUCTICON.exe c:\windows\Installer\{0AA381AC-7BBB-5B29-836C-5E13BB91154A}\ARPPRODUCTICON.exe c:\windows\Installer\{0DDCEDBA-8C17-CC50-7448-9131F3EF7517}\ARPPRODUCTICON.exe c:\windows\Installer\{162E46EB-F7C6-4B01-2384-349980B3F1BF}\ARPPRODUCTICON.exe c:\windows\Installer\{16622EEF-D159-3EB8-0EE3-F01B98317CED}\ARPPRODUCTICON.exe c:\windows\Installer\{1C0526C4-478A-9066-F37A-E58F08A21FE9}\ARPPRODUCTICON.exe c:\windows\Installer\{1E9FC118-651D-4934-97BE-E53CAE5C7D45}\ARPPRODUCTICON.exe c:\windows\Installer\{1F1E9571-0EA2-7AA3-647B-16698BED9CF4}\ARPPRODUCTICON.exe c:\windows\Installer\{1FDB8BA3-9E5F-369F-C2A2-AA4AD06F0640}\ARPPRODUCTICON.exe c:\windows\Installer\{24642C6B-1F1F-362F-6A7F-14C75C9EE603}\ARPPRODUCTICON.exe c:\windows\Installer\{313B4B6B-61B3-5F70-647B-E6285A9D81DF}\ARPPRODUCTICON.exe c:\windows\Installer\{3264BE02-6AC0-96B3-A212-392A850D58CA}\ARPPRODUCTICON.exe c:\windows\Installer\{3CB58AB7-6750-F510-F055-27FA68D77472}\ARPPRODUCTICON.exe c:\windows\Installer\{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}\ARPPRODUCTICON.exe c:\windows\Installer\{53007195-C491-23E9-D420-EDAB61E57609}\ARPPRODUCTICON.exe c:\windows\Installer\{5833EB1F-F1FD-DA8E-B2BA-C23E58BB0C65}\ARPPRODUCTICON.exe c:\windows\Installer\{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}\ARPPRODUCTICON.exe c:\windows\Installer\{68A8941B-6E97-B11C-1B10-C3370E4CC885}\ARPPRODUCTICON.exe c:\windows\Installer\{6B59A12B-D448-E129-28E9-57D1E2E5F7BB}\ARPPRODUCTICON.exe c:\windows\Installer\{6CDB6681-B777-4DAD-412E-7933B9296850}\ARPPRODUCTICON.exe c:\windows\Installer\{7B81F6BB-7C9C-E66F-9989-42EEB1076F84}\ARPPRODUCTICON.exe c:\windows\Installer\{85010422-4932-6A9E-C222-A994DA299C81}\ARPPRODUCTICON.exe c:\windows\Installer\{8557397C-A42D-486F-97B3-A2CBC2372593}\ARPPRODUCTICON.exe c:\windows\Installer\{89505FE0-A07E-928A-42F4-DA1B2788C01B}\ARPPRODUCTICON.exe c:\windows\Installer\{8BD785CF-30C7-4182-B250-0D5FCE78D4DD}\ARPPRODUCTICON.exe c:\windows\Installer\{90BF0360-A1DB-4599-A643-95AB90A52C1E}\ARPPRODUCTICON.exe c:\windows\Installer\{925D058B-564A-443A-B4B2-7E90C6432E55}\ARPPRODUCTICON.exe c:\windows\Installer\{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}\ARPPRODUCTICON.exe c:\windows\Installer\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}\ARPPRODUCTICON.exe c:\windows\Installer\{9A9BE8E5-2263-3EFA-FDD1-11F6E267EEF9}\ARPPRODUCTICON.exe c:\windows\Installer\{9C6210BC-CF1C-E637-C74D-28612585CAD9}\ARPPRODUCTICON.exe c:\windows\Installer\{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}\ARPPRODUCTICON.exe c:\windows\Installer\{AFE6E077-E0A3-2993-0913-8DEEADF4E2DE}\ARPPRODUCTICON.exe c:\windows\Installer\{B6D38690-755E-4F40-A35A-23F8BC2B86AC}\ARPPRODUCTICON.exe c:\windows\Installer\{BA28817B-738A-9284-D3D6-E973982AEF3B}\ARPPRODUCTICON.exe c:\windows\Installer\{C58362EF-CABB-B475-065B-FD07C0D49770}\ARPPRODUCTICON.exe c:\windows\Installer\{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}\ARPPRODUCTICON.exe c:\windows\Installer\{D1A19B02-817E-4296-A45B-07853FD74D57}\ARPPRODUCTICON.exe c:\windows\Installer\{D432AD16-2F8C-0022-E2F1-E27DCB5F6949}\ARPPRODUCTICON.exe c:\windows\Installer\{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}\ARPPRODUCTICON.exe c:\windows\Installer\{E616437B-CE55-B463-ED6B-408E29A073CB}\ARPPRODUCTICON.exe c:\windows\Installer\{E65C7D8E-186D-484B-BEA8-DEF0331CE600}\ARPPRODUCTICON.exe c:\windows\Installer\{E718AAF4-CB80-9649-347E-C9A9803BE6D0}\ARPPRODUCTICON.exe c:\windows\Installer\{F5EB2C27-3F16-01B6-BA56-316BC0F8CA87}\ARPPRODUCTICON.exe . . (((((((((((((((((((( Bestanden Gemaakt van 2011-10-17 to 2011-11-17 )))))))))))))))))))))))))))))) . . 2011-11-17 21:11 . 2011-11-17 21:11 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-11-17 15:51 . 2011-11-17 15:51 388096 ----a-r- c:\users\Nico\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-11-16 13:57 . 2011-11-16 13:57 -------- d-----w- c:\users\Nico\AppData\Roaming\Malwarebytes 2011-11-16 13:56 . 2011-11-16 13:56 -------- d-----w- c:\programdata\Malwarebytes 2011-11-16 13:56 . 2011-11-16 13:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-11-16 13:56 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-15 15:39 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BC9FF7C7-644A-4139-9B41-D6E1D040E242}\mpengine.dll 2011-11-09 18:30 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll 2011-11-09 18:30 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll 2011-11-09 18:30 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-11-09 18:30 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys 2011-11-09 17:44 . 2011-11-17 19:33 -------- d-----w- c:\users\Nico\AppData\Local\PokerStars 2011-11-09 17:43 . 2011-11-09 17:53 -------- d-----w- c:\program files (x86)\PokerStars 2011-10-23 12:30 . 2011-10-23 12:30 8192 ----a-w- c:\windows\SysWow64\srvany.exe . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-18 13:32 . 2011-08-27 13:31 161168 ----a-w- c:\windows\system32\mfevtps.exe 2011-10-15 12:16 . 2011-08-27 13:32 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2011-10-15 12:16 . 2011-08-27 13:31 75808 ----a-w- c:\windows\system32\drivers\mfenlfk.sys 2011-10-15 12:16 . 2011-08-27 13:31 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys 2011-10-15 12:16 . 2011-08-27 13:31 647080 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2011-10-15 12:16 . 2011-08-27 13:31 481768 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2011-10-15 12:16 . 2011-08-27 13:31 284648 ----a-w- c:\windows\system32\drivers\mfewfpk.sys 2011-10-15 12:16 . 2011-08-27 13:31 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2011-10-15 12:16 . 2011-08-27 13:31 160280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2011-10-15 12:16 . 2011-08-27 13:31 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2011-10-15 10:54 . 2011-09-12 13:53 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-09-01 05:24 . 2011-10-13 20:59 2309120 ----a-w- c:\windows\system32\jscript9.dll 2011-09-01 05:17 . 2011-10-13 20:59 1389056 ----a-w- c:\windows\system32\wininet.dll 2011-09-01 05:12 . 2011-10-13 21:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-09-01 02:35 . 2011-10-13 20:59 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll 2011-09-01 02:28 . 2011-10-13 20:59 1126912 ----a-w- c:\windows\SysWow64\wininet.dll 2011-09-01 02:22 . 2011-10-13 21:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2011-08-28 11:22 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2011-08-28 11:22 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2011-08-27 13:28 . 2011-08-27 13:28 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2011-08-27 13:28 . 2011-08-27 13:28 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2011-08-27 13:28 . 2011-08-27 13:28 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2011-08-27 13:28 . 2011-08-27 13:28 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2011-08-27 13:28 . 2011-08-27 13:28 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2011-08-27 13:28 . 2011-08-27 13:28 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2011-08-27 13:28 . 2011-08-27 13:28 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2011-08-27 13:28 . 2011-08-27 13:28 367104 ----a-w- c:\windows\SysWow64\html.iec 2011-08-27 13:28 . 2011-08-27 13:28 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2011-08-27 13:28 . 2011-08-27 13:28 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2011-08-27 13:28 . 2011-08-27 13:28 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2011-08-27 13:28 . 2011-08-27 13:28 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2011-08-27 13:28 . 2011-08-27 13:28 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2011-08-27 13:28 . 2011-08-27 13:28 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2011-08-27 13:28 . 2011-08-27 13:28 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2011-08-27 13:28 . 2011-08-27 13:28 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2011-08-27 13:28 . 2011-08-27 13:28 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2011-08-27 13:28 . 2011-08-27 13:28 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2011-08-27 13:28 . 2011-08-27 13:28 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2011-08-27 13:28 . 2011-08-27 13:28 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2011-08-27 13:28 . 2011-08-27 13:28 85504 ----a-w- c:\windows\system32\iesetup.dll 2011-08-27 13:28 . 2011-08-27 13:28 76800 ----a-w- c:\windows\system32\tdc.ocx 2011-08-27 13:28 . 2011-08-27 13:28 603648 ----a-w- c:\windows\system32\vbscript.dll 2011-08-27 13:28 . 2011-08-27 13:28 49664 ----a-w- c:\windows\system32\imgutil.dll 2011-08-27 13:28 . 2011-08-27 13:28 48640 ----a-w- c:\windows\system32\mshtmler.dll 2011-08-27 13:28 . 2011-08-27 13:28 448512 ----a-w- c:\windows\system32\html.iec 2011-08-27 13:28 . 2011-08-27 13:28 30720 ----a-w- c:\windows\system32\licmgr10.dll 2011-08-27 13:28 . 2011-08-27 13:28 222208 ----a-w- c:\windows\system32\msls31.dll 2011-08-27 13:28 . 2011-08-27 13:28 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2011-08-27 13:28 . 2011-08-27 13:28 165888 ----a-w- c:\windows\system32\iexpress.exe 2011-08-27 13:28 . 2011-08-27 13:28 160256 ----a-w- c:\windows\system32\wextract.exe 2011-08-27 13:28 . 2011-08-27 13:28 1492992 ----a-w- c:\windows\system32\inetcpl.cpl 2011-08-27 13:28 . 2011-08-27 13:28 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2011-08-27 13:28 . 2011-08-27 13:28 12288 ----a-w- c:\windows\system32\mshta.exe 2011-08-27 13:28 . 2011-08-27 13:28 114176 ----a-w- c:\windows\system32\admparse.dll 2011-08-27 13:28 . 2011-08-27 13:28 111616 ----a-w- c:\windows\system32\iesysprep.dll 2011-08-27 05:37 . 2011-10-13 05:49 861696 ----a-w- c:\windows\system32\oleaut32.dll 2011-08-27 05:37 . 2011-10-13 05:49 331776 ----a-w- c:\windows\system32\oleacc.dll 2011-08-27 04:26 . 2011-10-13 05:49 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2011-08-27 04:26 . 2011-10-13 05:49 233472 ----a-w- c:\windows\SysWow64\oleacc.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280] "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-08-27 638736] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-26 102400] "TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-23 2454840] "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1674896] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 937920] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560] R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-23 835952] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x] S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x] S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200] S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [2011-08-10 102608] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x] S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-02-11 124368] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-03-17 258928] S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x] S3 CnxtHdmiAudService;Conexant UAA HDMI Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDMI64.sys [x] S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x] S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x] S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . --- Andere Services/Drivers In Geheugen --- . *Deregistered* - mfeavfk01 . Inhoud van de 'Gedeelde Taken' map . 2011-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2271613879-2368526444-3534850837-1000Core.job - c:\users\Nico\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-27 13:31] . 2011-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2271613879-2368526444-3534850837-1000UA.job - c:\users\Nico\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-27 13:31] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976] "Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-02-11 1050072] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768] "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2010-04-19 136136] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.nederland.fm/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 Trusted Zone: internet Trusted Zone: mcafee.com TCP: DhcpNameServer = 192.168.0.1 . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-2271613879-2368526444-3534850837-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ýM3] @Class="Shell" . [HKEY_USERS\S-1-5-21-2271613879-2368526444-3534850837-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ýM3\OpenWithList] @Class="Shell" "a"="vlc.exe" "MRUList"="a" . [HKEY_USERS\S-1-5-21-2271613879-2368526444-3534850837-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*ýM3] "0"=hex:46,3a,5c,4d,75,7a,69,65,6b,5c,41,76,69,63,69,69,20,2d,20,4c,65,76,65, 6c,73,20,28,50,61,72,74,79,20,52,65,6d,69,78,29,2e,6d,70,33,00,74,00,2e,00,\ "MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\windows\SysWOW64\rundll32.exe c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe . ************************************************************************** . Voltooingstijd: 2011-11-17 22:19:19 - machine werd herstart ComboFix-quarantined-files.txt 2011-11-17 21:19 . Pre-Run: 114.978.451.456 bytes beschikbaar Post-Run: 117.780.062.208 bytes beschikbaar . - - End Of File - - 82BF197FE724904E2C82CDD90B32116C

anoniem · 19 november 2011

Vertel hoe jouw Windows momenteel draait en waarom je een Hijack This begonnen bent?

anoniem · 19 november 2011

Nu draait hij naar mijn doen wel goed. Sinds dat ik in mijn vorig topic werd verzocht malware scan uit te voeren, en 2 bestanden te verwijderen, heb ik geen last meer van vastlopingen van windows of iets dergelijks. Mijn aanleiding van dit topic staat hier: http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=1467880#1467880 Aanleiding van dit bericht: Tirm Ouwe rot Geregistreerd op: 27-6-2009 Berichten: 783 Geplaatst: do nov 17, 2011 1:30 am Onderwerp: -------------------------------------------------------------------------------- Plaats toch nog maar een hijackthis-log in de rubriek Beveiliging en privacy... Windows liep meerdere malen in korte tijd vast zowel bij afsluiten als bij actieve processen. Verder bleek McAfee toen uitgeschakeld te zijn als ik weer wou opstarten. Maar zoals ik begrijp is er aan deze logs niets te zien?

anoniem · 19 november 2011

Ik zet alleen vraagtekens bij de vele vermeldingen in het log van ComboFix van [b:c6ddbaad47]ARPPRODUCTICON.exe [/b:c6ddbaad47] Het lijkt erop dat dit bestand vele malen vernieuwd is geworden!

anoniem · 19 november 2011

Wat wil dat zeggen als iets vaak vernieuwd wordt dan?

anoniem · 19 november 2011

Als je ARPPRODUCTICON.exe even in Google mikt, zie je info die doorgaans geruststellend klinkt, bijv. hier http://www.fixfiles.net/arpproducticon.exe.html Ik heb even gekeken op mijn XP-tje in de Windows-map. Bij mij zit ie in C:\WINDOWS\Installer\{612C34C7-5E90-47D8-9B5C-0F717DD82726} en hij is 10 kb en van 21-8-2011. Op die datum heb ik Adobe Shockwave 11.6 geïnstalleerd of ge-updated, daar heeft het vermoedelijk mee te maken. Resultaat op Virustotal.com MD5: 6e42cf0d47af25dea4cecdbe093d521c Date first seen: 2009-02-11 13:31:45 (UTC) Date last seen: 2011-11-19 15:33:24 (UTC) Detection ratio: 0/42 Check die van jou ook even op Virustotal.com. Een registerscan zou ik nooit doen. Daar word je mee doodgegooid op al dat soort websites. Er worden dan 5867 of zo fouten gevonden plus een betaald progje om het op te lossen....

anoniem · 20 november 2011

Arpproduction is inderdaad gelieerd aan software welke geïnstalleerd wordt. Niet alleen Adobe werkt er mee, maar andere andere softwaremakers ook. Het is inderdaad geen spyware!

anoniem · 20 november 2011

Onlangs heb ik weer ongeveer hetzelfde probleem gehad... De computer reageerde ineens heeeeel erg traag en alles begon vast te lopen. Het leek wel alsof iemand op mijn computer zat vanuit een andere computer.. Ik wou op start en opnieuw opstarten drukken maar dat lukte zelfs niet en toen even later kreeg ik zwart scherm, heb hem maar meteen van stroom afgehaald...

anoniem · 20 november 2011

Het betreft weer de PC uit dit topic?

anoniem · 20 november 2011

[quote:c995854fa1="Abraham54"]Het betreft weer de PC uit dit topic?[/quote:c995854fa1] Ja...

anoniem · 20 november 2011

Doe dan maar het volgende: Download de [b:8b96eba4b7][url=http://download11.emsisoft.com/EmsisoftEmergencyKit.zip][color=#FF0000:8b96eba4b7]Emsisoft Emergency Kit[/color:8b96eba4b7][/url][/b:8b96eba4b7] naar het bureaublad en pak het [b:8b96eba4b7]ZIP[/b:8b96eba4b7] bestand uit. [list:8b96eba4b7] [*:8b96eba4b7] Open de map "[b:8b96eba4b7]EmsisoftEmergencyKit[/b:8b96eba4b7]" en dubbelklik op "[b:8b96eba4b7]Start.exe[/b:8b96eba4b7]" [*:8b96eba4b7] Klik nu op "[b:8b96eba4b7]Emergency Kit Scanner[/b:8b96eba4b7]" u krijg nu een melding dat het is aanbevolen om eerst te updaten sta dit toe door te klikken op "[b:8b96eba4b7]Ja[/b:8b96eba4b7]" [img:8b96eba4b7]http://i1103.photobucket.com/albums/g476/pcwebplus/EmsisoftEK11.jpg[/img:8b96eba4b7] [*:8b96eba4b7] Als de update gereed is en de melding "[b:8b96eba4b7]Update process is succesvol afgerond[/b:8b96eba4b7]" verschijnt klikt u op "[b:8b96eba4b7]menu[/b:8b96eba4b7]" en dan op "[b:8b96eba4b7]Scan PC[/b:8b96eba4b7]" [*:8b96eba4b7] Selecteer de optie "[b:8b96eba4b7]Diep[/b:8b96eba4b7]" als deze niet standaard al zo is ingesteld. [*:8b96eba4b7] Klik Nu op de knop "[b:8b96eba4b7]Scan[/b:8b96eba4b7]" en doe verder niets op de computer tijdens het scannen, deze scan kan een geruime tijd in beslag nemen dus wacht dit geduldig af. [*:8b96eba4b7] Het venster met de waarschuwing over een verhoogd risico kunt u sluiten als de scan gereed is. [*:8b96eba4b7] Zorg ervoor dat alle gevonden items zijn aangevinkt en druk dan op de knop "[b:8b96eba4b7]verwijder geselecteerde[/b:8b96eba4b7]" u zal nu de volgende melding krijgen maar klik hier op "[b:8b96eba4b7]Ja[/b:8b96eba4b7]" [img:8b96eba4b7]http://i1103.photobucket.com/albums/g476/pcwebplus/EmsisoftEK2.jpg[/img:8b96eba4b7] [*:8b96eba4b7] Als het verwijderen gereed is klikt u op de knop "[b:8b96eba4b7]View report[/b:8b96eba4b7]" en selecteert u het tekstbestand van deze scan met de naam zoals: [b:8b96eba4b7]a2scan_110730-111615.txt[/b:8b96eba4b7] [*:8b96eba4b7] Plaats de inhoud van dit LOG bestand straks in uw volgende bericht. [*:8b96eba4b7] Herstart nu de computer.[/list:u:8b96eba4b7] Hoe bne jij overigens verbomden met internet? Gedraad of draadloos?

anoniem · 22 november 2011

Probleem... Ik had hem dus gescand maar had de optie Uitschakelen aangevinkt als scan klaar zou zijn. Ik kwam thuis en computer stond nog aan.. Er stond dat er 1 hoog risico was en dat was omschreven als virus. Ik kreeg melding risico en volgde de instructie op dat ik dat kon wegklikken. Toen wou ik bestanden verwijderen maar gaf hij ineens een registreerscherm weer. Ik druk op annuleren en het programma sluit zich af en de pc wordt uitgeschakeld... Staan de scangegevens ergens opgeslagen of ben ik het nu kwijt en moet ik het opnieuw doen?...

anoniem · 23 november 2011

In de map (op je Bureaublad?) \EmsisoftEmergencyKit\Run\Reports zal je als het goed is een verslag vinden van de scan. Anders doe je het toch gewoon opnieuw?

anoniem · 23 november 2011

Waarom jij je ook niet aan de opdracht heb gehouden, maar een extra handeling uitvoerde, dat is mij niet geheel duidelijk....

anoniem · 23 november 2011

Ik was de hele dag niet thuis en vond het onnodig de computer aan te laten staan. Dus ik dacht ik vink aan dat ik de computer automatisch laat uitschakelen... Excuses hiervoor.. Ik heb hem vandaag weer gescand met als resultaat: Emsisoft Emergency Kit - Versie 1.0 Laatste Update: N/A Scaninstellingen: Scantype: Diepe Scan Objecten: Geheugen, Sporen, Cookies, C:\, D:\ Scan archieven: Aan Heuristieken: Uit ADS Scan: Aan Scan gestart: 23-11-2011 8:12:54 c:\program files (x86)\Free Offers from Freeze.com Ontdekt: Trace.Directory.Freeze!A2 c:\program files (x86)\Free Offers from Freeze.com\control.txt Ontdekt: Trace.File.Freeze!A2 c:\program files (x86)\Free Offers from Freeze.com\dolphinico.ico Ontdekt: Trace.File.Freeze!A2 c:\program files (x86)\Free Offers from Freeze.com\whalesico.ico Ontdekt: Trace.File.Freeze!A2 Key: HKEY_LOCAL_MACHINE\software\Freeze.com\ Ontdekt: Trace.Registry.Freeze!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Freeze.com\Installer --> id Ontdekt: Trace.Registry.EZ Game Cheats!A2 C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Cookies\Low\nico@stat.onestat[2].txt Ontdekt: Trace.TrackingCookie.stat.onestat!A2 C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Cookies\Low\nico@weborama[1].txt Ontdekt: Trace.TrackingCookie.weborama!A2 C:\Program Files (x86)\Free Offers from Freeze.com\16700.url Ontdekt: Adware.Win32.Freeze!A2 C:\Program Files (x86)\Free Offers from Freeze.com\16714.url Ontdekt: Adware.Win32.Freeze!A2 Gescand Bestanden: 236361 Sporen: 401423 Cookies: 373 Processen: 81 Gevonden Bestanden: 2 Sporen: 6 Cookies: 2 Processen: 0 Registersleutels: 0 Scan Geëindigd: 23-11-2011 9:41:42 Scantijd: 1:28:48 Het virus is gister dus al verwijderd automatisch, maar er is daar geen logfile van. Is er geen mogelijkheid om te achterhalen wat hij heeft verwijderd?... En wat moet ik met deze gegevens doen, allemaal verwijderen? Ook al hebben ze laag/gemiddeld risico? En ik maak gebruik van draadloze internet.

anoniem · 23 november 2011

Hoi, het is beter indien je een scanner niet kent, bij jouw computer te blijven dan datgene doen wat jij deed! Doe de ComboFix scan nogmaals. Het kan na opstarten van ComboFix gebeuren dat er een melding komt: - of ComboFix wil geupdated worden; - of ComboFix wil opnieuw gedownload worden. Krijg je dus zo'n melding, dan dit ook uitvoeren. Post aansluitend de inhoud van het log.

anoniem · 23 november 2011

Daar heeft u ook helemaal gelijk in, maar daar heb ik niet bij nagedacht omdat ik nogal haast had en dit wel een goede optie leek. Ik zal Combofix strax even aanzetten en posten. Maar wat moet ik doen met die laag/gemiddeld risico van de scan? Betreft 10 items, zo laten of verwijderen/in kluis plaatsen?

HijackThis log vanwege computerproblemen!

Vraag

Link naar reactie

Beste reacties voor deze vraag

Populaire dagen

Beste reacties voor deze vraag

Populaire dagen

76 antwoorden op deze vraag

Aanbevolen berichten

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Om een reactie te plaatsen, moet je eerst inloggen

Populaire leden

Leden

Recente topics